Leveraging COBIT 2019 to Implement IT Governance in SME Context: A Case Study of Higher Education in Campus A


  • Diana Utomo Bina Nusantara University
  • Mahaning Wijaya Bina Nusantara University
  • Suzanna Bina Nusantara University
  • Efendi Bina Nusantara University
  • Noviyanti Tri Maretta Sagala Bina Nusantara University




COBIT 2019, IT Alignment, Small and Medium Enterprise (SME), Higher Education


Achieving business and Information Technology (IT) alignment has become the aspiration of most organizations nowadays. Small and Medium Enterprises (SMEs) are not exempt as they also thrive to survive in a competitive market using IT. However, implementing all IT control and management components will be excessive, with a lack of justifiable cost-benefit for SMEs. A tailored governance system based on the specificities of SMEs is necessitated to help the organization to focus on its main objectives and strategies. By leveraging COBIT 2019 design toolkit, the researchers support Campus A in establishing healthy governance and IT management. Both qualitative and quantitative approaches are applied to select relevant governance/ management objectives. The toolkit has been designed with a semi-automated quantitative approach in which users will get scoring for each objective based on the associated value inputted for each design factor. Through a series of discussions with the management team, it concludes the governance design and recommends several improvements to increase its capability level, from the current level of 1.05 (initial stage) to the desired level of 2.33 (repeatable stage). Then, since the toolkit is practical to use, it is also rigid by design with its predefined and protected formula. To some extent, the resulting score or importance level of certain governance/management objectives is questionable and lacks justification. Flags or indicators to ‘should-have’ governance/management objectives, regardless of the organization’s size and type, will be useful to prevent the omission of essential objectives.


Plum Analytics

Author Biographies

Diana Utomo, Bina Nusantara University

Information Systems Department, School of Information Systems

Mahaning Wijaya, Bina Nusantara University

Information Systems Department, School of Information Systems

Suzanna, Bina Nusantara University

Information Systems Department, School of Information Systems

Efendi, Bina Nusantara University

Information Systems Department, School of Information Systems

Noviyanti Tri Maretta Sagala, Bina Nusantara University

Statistics Department, School of Computer Science


O. Olutoyin and S. Flowerday, “Successful IT governance in SMES: An application of the Technology-Organisation-Environment theory,” South African Journal of Information Management, vol. 18, no. 1, pp. 1–8, 2016.

J. Devos, H. Van Landeghem, and D. Deschoolmeester, “IT governance in SMEs: A theoretical framework based on the outsourced information systems failure,” in 3rd European Conference on Information Management and Evaluation. Sweden: Academic Conferences ltd, Sept. 17–18, 2009, pp. 132–142.

F. Mijnhardt, T. Baars, and M. Spruit, “Organizational characteristics influencing SME information security maturity,” Journal of Computer Information Systems, vol. 56, no. 2, pp. 106–115, 2016.

A. M. Stjepi´c, M. Peji´c Bach, and V. Bosilj Vukˇsi´c, “Exploring risks in the adoption of business intelligence in SMEs using the TOE framework,” Journal of Risk and Financial Management, vol. 14, no. 2, pp. 1–18, 2021.

J. Natovich, “Vendor related risks in IT development: A chronology of an outsourced project failure,” Technology Analysis & Strategic Management, vol. 15, no. 4, pp. 409–419, 2003.

N. Shankar, “Role of global economic policy uncertainty on firms participation in innovation and new product introductions: An empirical study in African SMEs,” Transnational Corporations Review, vol. 12, no. 4, pp. 360–378, 2020.

ISACA, Designing an information and technology governance solution. ISACA, 2018.

R. F. Frogeri, D. J. Pardini, A. M. P. Cardoso, L. A´ . Prado, F. P. Piurcosky, and P. d. S. P. Junior, “IT governance in SMEs: The state of art,”International Journal of IT/Business Alignment and Governance (IJITBAG), vol. 10, no. 1, pp. 55–73, 2019.

T. Huygh and S. De Haes, “Exploring the research domain of it governance in the SME context,” in Start-ups and SMEs: Concepts, methodologies, tools, and applications. IGI Global, 2020, pp. 1606–1622.

I. Scalabrin Bianchi, R. Dinis Sousa, and R. Pereira, “Information technology governance for higher education institutions: A multi-country study,” Informatics, vol. 8, no. 2, pp. 1–28, 2021.

M. Q. Y. He, K. Peiris, and M. Myers, “IT governance strategies for SMEs in the Fourth Industrial Revolution,” in PACIS 2019, X’ian, China, 2019.

F. Salehi, B. Abdollahbeigi, and S. Sajjady, “Impact of effective IT governance on organizational performance and economic growth in Canada,” Asian Journal of Economics, Finance and Management, vol. 3, no. 2, pp. 14–19, 2021.

ISACA, COBIT®2019 framework: Introduction & methodology. ISACA, 2018.

A. E. Asmah and M. Kyobe, “Towards an integrative theoretical model for examining IT governance audits,” in Proceedings of the 11th International Conference on Theory and Practice of Electronic Governance, Galway, Republic of Ireland, April 4–6 2018, pp. 18–22.

ISACA, Introducing COBIT 2019: Executive summary. ISACA, 2018.

A. C. Amorim, M. M. Da Silva, R. Pereira, and M. Gonc¸alves, “Using agile methodologies for adopting cobit,” Information Systems, vol. 101, pp. 1–16, 2021.

ISACA, Introducting COBIT 2019: Major differences with COBIT 5. ISACA, 2018.

M. S. Dar, S. Ahmed, and A. Raziq, “Small and medium-size enterprises in Pakistan: Definition and critical issues,” Pakistan Business Review, vol. 19, no. 1, pp. 46–70, 2017.

A. Khodakivska, “Measuring jobs from micro, small, and medium-size enterprises financed by IFC client financial institutions,” The World Bank, Tech. Rep., 2013.

K. Peffers, T. Tuunanen, M. A. Rothenberger, and S. Chatterjee, “A design science research methodology for information systems research,” Journal of Management Information Systems, vol. 24, no. 3, pp. 45–77, 2007.

K. Peffers, T. Tuunanen, and B. Niehaves, “Design science research genres: Introduction to the special issue on exemplars and criteria for applicable design science research,” European Journal of Information Systems, vol. 27, no. 2, pp. 129–139, 2018.

S. Ebneyamini and M. R. Sadeghi Moghadam, “Toward developing a framework for conducting case study research,” International Journal of Qualitative Methods, vol. 17, pp. 1–11, 2018.

K. Thoring, R. Mueller, and P. Badke-Schaub, “Workshops as a research method: Guidelines for designing and evaluating artifacts through workshops,” in Proceedings of the 53rd Hawaii International Conference on System Sciences, Grand Wailea, Hawaii, Jan. 7–10, 2020.

Y. K. Singh, Fundamental of research methodology and statistics. New Age International, 2006.

L. Englbrecht, S. Meier, and G. Pernul, “Towards a capability maturity model for digital forensic readiness,” Wireless Networks, vol. 26, no. 7, pp. 4895–4907, 2020.

E. Elue, “Effective capability and maturity assessment using COBIT 2019,” 2020. [Online]. Available: https://bit.ly/3cCBAfs

SFIA, “The global skills and competency framework for the digital world,” 2018. [Online]. Available: https://sfia-online.org/en/sfia-7

S. De Haes, W. Van Grembergen, A. Joshi, and T. Huygh, “Enterprise governance of information technology: Achieving alignment and value in digital organizations,” in Management for professionals (MANAGPROF). Springer, 2020.

T. Papadopoulos, K. N. Baltas, and M. E. Balta, “The use of digital technologies by small and medium enterprises during COVID-19: Implications for theory and practice,” International Journal of Information Management, vol. 55, pp. 1–4, 2020.

A. Joshi, J. Benitez, T. Huygh, L. Ruiz, and S. De Haes, “Impact of it governance process capability on business performance: Theory and empirical evidence,” Decision Support Systems, vol. 153, pp. 1–12, 2022.

L. Raymond, F. Bergeron, A.-M. Croteau, and S. Uwizeyemungu, “Determinants and outcomes of IT governance in manufacturing SMEs: A strategic IT management perspective,” International Journal of Accounting Information Systems, vol. 35, pp. 1–15, 2019.

H. C. C. d. Silva, D. S. d. Silveira, J. S. Dornelas, and H. S. Ferreira, “Information technology governance in small and medium enterprisesa systematic mapping,” JISTEM-Journal of Information Systems and Technology Management,vol. 17, pp. 1–16, 2019.

W. S. Castellanos, “Impact of the Information Technology (IT) governance on business- IT alignment,” Ph.D. dissertation, Pontificia Universidad Catolica del Peru-CENTRUM Catolica (Peru), 2020.

A. Levstek, T. Hovelja, and A. Pucihar, “IT governance mechanisms and contingency factors: Towards an adaptive IT governance model,” Organizacija, vol. 51, no. 4, pp. 286–310, 2018.

M. Martinsuo and T. Luomaranta, “Adopting additive manufacturing in SMEs: Exploring the challenges and solutions,” Journal of Manufacturing Technology Management, vol. 29, no. 6, pp. 937–957, 2018.



Abstract 1409  .
PDF downloaded 1638  .